Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-context@5.0.5.RELEASE

Type maven

Namespace org.springframework

Name spring-context

Version 5.0.5.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.21.RELEASE

Latest_non_vulnerable_version 6.2.7

Affected_by_vulnerabilities

url VCID-cfmp-m8jn-uqg4

vulnerability_id VCID-cfmp-m8jn-uqg4

summary

Improper Handling of Case Sensitivity
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22968.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_id

reference_type

scores

value	0.2051
scoring_system	epss
scoring_elements	0.95684
published_at	2026-06-09T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.95681
published_at	2026-06-08T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.9568
published_at	2026-06-06T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.95676
published_at	2026-06-05T12:55:00Z

value	0.20519
scoring_system	epss
scoring_elements	0.95671
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_url	https://security.netapp.com/advisory/ntap-20220602-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220602-0004/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2075441
reference_id	2075441
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2075441

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_url

https://tanzu.vmware.com/security/cve-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22968

reference_url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_id

GHSA-g5mm-vmx4-3rg7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_url	https://access.redhat.com/errata/RHSA-2022:5101
reference_id	RHSA-2022:5101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5101

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url	pkg:maven/org.springframework/spring-context@5.2.21
purl	pkg:maven/org.springframework/spring-context@5.2.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.2.21

url	pkg:maven/org.springframework/spring-context@5.2.21.RELEASE
purl	pkg:maven/org.springframework/spring-context@5.2.21.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.2.21.RELEASE

url	pkg:maven/org.springframework/spring-context@5.3.19
purl	pkg:maven/org.springframework/spring-context@5.3.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.3.19

aliases CVE-2022-22968, GHSA-g5mm-vmx4-3rg7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfmp-m8jn-uqg4

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.0.5.RELEASE

Package Instance